On 07/31/2013 10:12 AM, Kinkie wrote:
>>>> Not if the math overflowed down to a smaller value before it even got
>>>> passed to reserveCapacity().
>>>
>>> Ok. I'm going to check minSpace. maxSize+minSpace is definitely not
>>> enough to overflow size_type
>>
>> minSpace is controlled completely by the unknown caller code. It may be
>> UINT_MAX or something equally capable of overflowing when you add to it.
>
> What is currently done is:
>
> reserveSpace(minSpace) {
>     reserveCapacity(length()+minSpace);
> }

Kinkie, I am afraid you are missing the point here. Consider the case where
minSpace is the maximum value that size_type can hold and length() is 100.
The above sum overflows _before_ any of your checks in reserveCapacity()
happen.

The correct check in reserveSpace() is:

    Must(minSpace >= 0 && length() < maximum size_type value - minSpace)

The negative check must come first (but will be deleted later).

HTH,

Alex.
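To make the overflow concrete, here is an added example (not code from this thread or from SBuf itself) using a constructed ToyBuf stand-in: the quoted reserveSpace() beside a version that applies the proposed check before the addition can wrap.

```cpp
#include <cstddef>
#include <limits>
#include <stdexcept>

// Constructed stand-in for the buffer under discussion; not Squid's SBuf.
struct ToyBuf {
    using size_type = std::size_t;  // unsigned here, so the "minSpace >= 0" part is moot
    size_type len;                  // bytes in use, i.e. length()
    size_type capacity;             // bytes allocated

    size_type length() const { return len; }
    static size_type maxSize() { return std::numeric_limits<size_type>::max() / 2; }

    // Grows the allocation; its sanity check only sees the value it is handed.
    void reserveCapacity(size_type minCapacity) {
        if (minCapacity > maxSize())
            throw std::length_error("requested capacity exceeds maxSize");
        if (minCapacity > capacity)
            capacity = minCapacity;
    }

    // As quoted in the thread: length()+minSpace wraps around before
    // reserveCapacity() checks anything, so a huge request is silently accepted.
    void reserveSpaceUnsafe(size_type minSpace) {
        reserveCapacity(length() + minSpace);
    }

    // Mirrors the proposed Must(): reject minSpace before the addition happens.
    void reserveSpaceSafe(size_type minSpace) {
        if (length() >= std::numeric_limits<size_type>::max() - minSpace)
            throw std::length_error("minSpace would overflow size_type");
        reserveCapacity(length() + minSpace);
    }
};

// Each helper returns the resulting capacity, or 0 if the request was rejected.
std::size_t capacityAfterUnsafe(std::size_t len, std::size_t minSpace) {
    ToyBuf b{len, len};
    try { b.reserveSpaceUnsafe(minSpace); } catch (const std::length_error &) { return 0; }
    return b.capacity;
}

std::size_t capacityAfterSafe(std::size_t len, std::size_t minSpace) {
    ToyBuf b{len, len};
    try { b.reserveSpaceSafe(minSpace); } catch (const std::length_error &) { return 0; }
    return b.capacity;
}
```

With length() == 100 and minSpace at the size_type maximum, the unsafe path computes 99, passes every check and leaves capacity at 100, while the safe path rejects the request outright.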